Botnet

Operation Payback and Hacktivism 101 423

Orome1 writes "While individual acts of hacktivism are inconvenient, something else happens when hacktivists group together — they commonly perform a DDoS attack. Techniques have advanced to automate the process, making the attacks more powerful and thus more able to bypass security controls — the effect, however, remains the same. Let us take a look at the recent Operation Payback which has gained notoriety in the past few months."
The Internet

Has Progress Been Made In Fighting DDoS Attacks? 206

alphadogg writes "As the distributed denial-of-service attacks spawned by this week's WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks. Participants in the North American Network Operators Group (NANOG) e-mail reflector are debating whether any headway has been made heading off DDoS attacks in 10 years. The discussion is occurring while WikiLeaks deals with DDoS attacks after leaking sensitive government information, and sympathizers launch attacks against MasterCard, Visa, PayPal and other significant e-commerce sites."
Botnet

'Anonymous' WikiLeaks Proponents Not So Anonymous 390

Giovane Moura writes "For a number of days the websites of MasterCard, Visa, PayPal and others have been attacked by a group of WikiLeaks supporters (hacktivists). Although the group calls itself 'Anonymous,' researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easily traceable (PDF), and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third-party systems."
Censorship

Angles On Anonymous 383

A number of readers are sending in links related to Anonymous, the Internet phenomenon — don't call them a group — behind the controversial DDoS attacks on commercial entities that fail to support WikiLeaks. The best insight into Anonymous comes from the Economist's Babbage blogger, who hung out in one of their IRC channels. Reader nk497 points out that UK users looking to join Anonymous's DDoS army should be aware they could face a jail term of up to two years; simply downloading the LOIC software used in the DDoSing could suffice to earn a conviction. One 16-year-old has been arrested in The Netherlands and is charged with participating in the DDoS. Reader ancientribe sends in coverage of a claim by one security outfit that several existing criminal botnets have joined forces with Anonymous's Operation: Payback. And reader Stoobalou notes a Thinq.co.uk story on a manifesto of sorts that purports to come from "ANON OPS," even though Anonymous disclaims any central spokesperson or entity (press release here, PDF).
Security

MasterCard Hit By WikiLeaks Payback Attacks 715

An anonymous reader writes "MasterCard's website has been hit by a distributed denial of service attack. Netcraft describes how the attack uses a voluntary botnet of LOIC (low orbit ion cannon) users to swamp sites with traffic. PostFinance, the PayPal blog and Swedish prosecutors have been targeted previously."
Botnet

Researchers Tracking Emerging 'Darkness' Botnet 85

Trailrunner7 writes "Researchers are tracking a new botnet that has become one of the more active DDoS networks on the Internet since its emergence early last month. The botnet, dubbed 'Darkness,' is being controlled by several domains hosted in Russia and its operators are boasting that it can take down large sites with as few as 1,000 bots. The Darkness botnet is seen as something of a successor to the older Black Energy and Illusion botnets and researchers at the Shadowserver Foundation took a look at the network's operation and found that it is capable of generating large volumes of attack traffic. 'Upon testing, it was observed that the throughput of the attack traffic directed simultaneously at multiple sites was quite impressive,' Shadowserver's analysts wrote in a report on the Darkness botnet. 'It now appears that "Darkness" is overtaking Black Energy as the DDoS bot of choice. There are many ads and offers for DDoS services using "Darkness." It is regularly updated and improved and of this writing is up to version 7. There also appear to be no shortage of buyers looking to add "Darkness" to their botnet arsenal.'"
Australia

Aussie Gov't Decides ISPs Aren't Responsible For Infected Computers 129

c0lo writes "In a sudden outburst of common sense, the Australian senate decided that it is not the government's responsibility to force ISPs to disconnect infected computers from the Internet. Peter Coroneos, chief of the Internet Industry Association, used a car analogy that actually makes sense: 'It would be like forcing car manufacturers to take responsibility for bad drivers.'"
Crime

Botnet Spammer Gets Just 18 Months For Being Odd 83

itwbennett writes "Thirty-three-year-old Scotsman Matthew Anderson was sentenced this week to 18 months in prison for orchestrating a malicious Trojan campaign in 2006. The reason for his relatively light sentence? He apparently wasn't seeking to maximize profit like any normal, red-blooded hacker. Also, his timing was good. His arrest in June 2006 predated by a matter of months the Police and Justice Act, which would likely have resulted in a harsher sentence. By comparison, David Kernell, who snooped in Sarah Palin's email, got a year in prison."
Crime

Scalpers Bought Tickets With CAPTCHA-Busting Botnet 301

alphadogg writes "Three California men have pleaded guilty to charges they built a network of CAPTCHA-solving computers that flooded online ticket vendors and snatched up the very best seats for Bruce Springsteen concerts, Broadway productions and even TV tapings of Dancing with the Stars. The men ran a company called Wiseguy Tickets, and for years they had an inside track on some of the best seats in the house at many events. They scored about 1.5 million tickets after hiring Bulgarian programmers to build 'a nationwide network of computers that impersonated individual visitors' on websites such as Ticketmaster, MLB.com and LiveNation, the US Department of Justice (DoJ) said Thursday in a press release. The network would 'flood vendors computers at the exact moment that event tickets went on sale,' the DoJ said. They had to create shell corporations, register hundreds of fake Internet domains (one was stupidcellphone.com) and sign up for thousands of bogus e-mail addresses to make the scam work."
Botnet

50 ISPs Harbor Half of All Infected Machines 140

Orome1 writes "As the classic method of combating botnets by taking down command and control centers has proven pretty much ineffective in the long run, there has been lots of talk lately about new stratagems that could bring about the desired result. A group of researchers from the Delft University of Technology and Michigan State University have recently released an analysis of the role that ISPs could play in botnet mitigation — an analysis that led to interesting conclusions. The often believed assumption that the presence of a high speed broadband connection is linked to the widespread presence of botnet infection in a country has been proven false."
Botnet

Researchers Take Down Koobface Servers 35

splitenz notes the first actions in the war against the Koobface botnet, taken on the heels of a comprehensive report (PDF) on the operations of the botnet and the criminal gang behind it. The researchers who analyzed Koobface are the same ones who brought Ghostnet to light. "Security researchers, working with law enforcement and Internet service providers, have disrupted the brains of the Koobface botnet. The computer identified as the command-and-control server used to send instructions to infected Koobface machines was offline late Friday (US Pacific time). Criminals behind the botnet made more than $US2 million in one year. Facebook accounts are used to lure victims to Google Blogspot pages, which in turn redirect them to Web servers that contain the malicious Koobface code. This action is only a stage in the war against Koobface."
Crime

Former Student Gets 30 Months For Political DDoS Attacks 486

wiredmikey writes "A former University of Akron student was sentenced Friday to 30 months in prison, followed by 3 years of supervised release for conducting denial of service attacks on the sites of several prominent conservative figures as well as infecting several systems with botnet software. Mitchell L. Frost, age 23, of Bellevue, Ohio admitted that between August 2006 and March 2007, he initiated denial of service attacks on web servers hosting the sites of political commentators, including Bill O'Reilly, Rudy Giuliani, Ann Coulter, and others."
Botnet

Massive DDoS Cuts Myanmar Off From Net 149

Trailrunner7 writes "The nation of Myanmar, formerly known as Burma, found its access to the Internet severed by a massive denial of service attack, according to a report by Arbor Networks. The source or motivation of the attack isn't known, but it is believed that the distributed denial of service (DDoS) attacks have targeted the country's Ministry of Post and Telecommunication (or PTT), the main conduit for Internet traffic in and out of the authoritarian nation."
Security

Zeus Attackers Turned the Tables On Researchers 119

ancientribe writes "The attackers behind a recent Zeus Trojan exploit that targeted quarterly federal taxpayers who file electronically also set up a trap for researchers investigating the attack as well as their competing cybercrime gangs. They fed them a phony administrative panel with fake statistics on the number of Zeus-infected machines, as well as phony 'botnet' software that actually gathers intelligence on the researcher or competitor who downloads it."
Botnet

Bredolab Botnet Taken Down 187

Leon Buijs writes "Monday a 27-year-old Armenian was arrested at the request of the Dutch authorities. The Dutch police think he is the brain behind the infamous, 30 million infected computers large Bredolab network, that was taken down by their Team (in Dutch) High Crime. Bredolab was used to spread virii and spam via the Netherlands. While taking the botnet down at a Dutch ISP, the suspect made several attempts to regain control. When this didn't work out, he did a DDoS attack on the ISP's servers using a 220,000 computers botnet. However, this was also broken off by taking 3 servers offline that the Armenian used for this, in Paris."
Botnet

Rise of the Small Botnet 61

wiredmikey writes "Botnets controlled by criminal enterprises all over the world continue to multiply at a steep rate, and it is now arguably the smaller, harder-to-trace operations that organizations should be the most worried about. Not only are smaller botnets cheaper and easier to build out and operate, but criminals have already realized that large-scale botnet activity attracts unwanted attention, and not just of law enforcement."
Botnet

Iranian Cyber Army Moves Into Botnet Renting 63

angry tapir writes "A group of malicious hackers who attacked Twitter and the Chinese search engine Baidu are also apparently running a for-rent botnet, according to new research from Seculert. The so-called Iranian Cyber Army also took credit last month for an attack on TechCrunch's European website. In that incident, the group installed a page on TechCrunch's site that redirected visitors to a server that bombarded their PCs with exploits in an attempt to install malicious software."
Security

Hacker Business Models 96

wiredmikey writes "The industrialized hackers are intent on one goal — making money. They also know the basic rules of the business of increasing revenues while cutting costs. As hackers started making money, the field became full of 'professionals' that inspired organized cyber crime. Similar to industrial corporations, hackers have developed their own business models in order to operate as a profitable organization. What do these business models look like? Data has become the hacker's currency. More data, more money. So the attack logic is simple: the more attacks, the more likely victim — so you automate ..."
Botnet

Microsoft Looks To Courts For Botnet Takedowns 93

angry tapir writes "Microsoft has seen a dramatic drop in the number of computers infected with Waledac, a piece of malicious software affiliated with a botnet that was once responsible for a massive amount of spam. In the second quarter of this year, the company cleaned only 29,816 computers infected with Waledac, down from 83,580 computers in the first quarter of the year. The drop in the number of infected machines shows the success of the legal action Microsoft took earlier in the year, according to the company."
